What are the best options out there to be able to provide a guest wireless internet access so they can't see the rest of devices in LAN?, what's the best and also cost effective appliance that will do that?
SnapOverflow
Are you looking to do this through a single wireless router or through multiple access points? Many routers are multi-SSID as well as DMZ capable if that's what you want. I would look around for some higher end SOHO boxes like the one's from DrayTek. I have had good luck with them in the past. If you already have the LAN set up with a separate subnet for the guest network then you would just place an AP on each and name/secure them as desired. Both would do the job for you.
I would strongly suggest putting guests on their own subnet with strictly controlled firewalls preventing anything but internet access.
The new Apple AirPort Extremes support this.
I have been using the guest network option on a new airport for about a month now and it has worked very well so far.
My company is looking into the same issue. Unless I read something better here, we are going with 2 Linksys wireless routers....running DDWRT.
We like to have the public AP auto-disabled during nonbusiness hours as well as blind to our network. It would be totally open, but may have a welcome portal via wifidog (which, thanks to serverfault, I have discovered runs nicely with DDWRT).
The staff router will not broadcast SSID and will use MAC address recognition, be available 24/7 and play nicely with our network.
Several companies I know have set up a seperate cheap ADSL connection with a wireless router and this is what is used to provide network access to visitors.
You can have a look at one question I asked on Wednesday that might help you too, here the link :
Free Wi-Fi hotspot management software for school
Netcomm do a product that provides Layer 2 segregation, effectively running each client in it's own VLAN. It even does an SMTP redirect - very handy if your ISP blocks port 25. Although it's designed as a pay system with tickets, this can just be turned off.
Over here in Oz it's about AUS $1,500
http://www.netcomm.com.au/products/hotspots/hs960
I have a DLink DI-655 and one of recent firmware upgrades came with a new feature, 2 Independent Wifi networks on the AP/Router. The second one is a guest network, with a differnet SSID, the ablity to set different security settings (Primary can be WPA2 w/AES [CCMP] only, and the guest can be WPA w/TKIP for legacy laptops). The guest network can be set to only allow internet access (no internal access).
I've seen it for $100 at Costco. I'm sure that you can order it, or something just like it without much trouble (and it does N with a gigabit ethernet). The Linksys model above is now getting out of date, as it is 802.11g system.